Sender: s3...@pjwstk.edu.pl
Subject: Couchbase Server - Remote Code Execution
Message-Id:
Recipient: lanware.secur...@lanware.co.uk
__
This email and any attachments to it may be confidential and are intended
solely for the
Hey,
Description:
Couchbase Server [1] exposes a REST API [2] which by default is
available on TCP/8091 and/or TCP/18091.
Authenticated users can send arbitrary Erlang code to the 'diag/eval'
endpoint of the API. The code will be subsequently executed in the
underlying operating system with privileges
Hey,
TL;DR: UAF in a "non-release" version of ModSecurity for Nginx.
!RCE|DoS, no need to panic.
Plus some old and even older exploitation vector(s).
/*
* 1. Use-After-Free (UAF)
*/
During one of the engagements my team tested a WAF running in production
Nginx + ModSecurity +
Hey,
A Path Traversal vulnerability was found in a component of the Bomgar
Remote Support Portal (RSP) [1]. The affected component is a JavaStart.jar
applet that is hosted at https://TARGET/api/content/JavaStart.jar on the
vulnerable RSP deployments. The JavaStart version 52970 and prior were
Hey,
A Local Privilege Escalation vulnerability was found in the Kaseya
Virtual System Administrator (VSA) [1] agent "AgentMon.exe". The agent is a
Windows service that periodically executes various programs with "NT
AUTHORITY\SYSTEM" privileges.
In Kaseya's default configuration, Windows